mirror of
https://github.com/siderolabs/talos.git
synced 2025-11-07 03:41:18 +01:00
96aa9638f7
There's a cyclic dependency on siderolink library which imports talos machinery back. We will fix that after we get talos pushed under a new name. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
322 lines
14 KiB
Go
322 lines
14 KiB
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
//nolint:dupl
|
|
package config_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/siderolabs/talos/pkg/machinery/config"
|
|
)
|
|
|
|
func TestContractGreater(t *testing.T) {
|
|
assert.True(t, config.TalosVersion0_9.Greater(config.TalosVersion0_8))
|
|
assert.True(t, config.TalosVersionCurrent.Greater(config.TalosVersion0_8))
|
|
assert.True(t, config.TalosVersionCurrent.Greater(config.TalosVersion0_9))
|
|
|
|
assert.False(t, config.TalosVersion0_8.Greater(config.TalosVersion0_9))
|
|
assert.False(t, config.TalosVersion0_8.Greater(config.TalosVersion0_8))
|
|
assert.False(t, config.TalosVersionCurrent.Greater(config.TalosVersionCurrent))
|
|
}
|
|
|
|
func TestContractParseVersion(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
for v, expected := range map[string]*config.VersionContract{
|
|
"v0.8": config.TalosVersion0_8,
|
|
"v0.8.": config.TalosVersion0_8,
|
|
"v0.8.1": config.TalosVersion0_8,
|
|
"v0.88": {0, 88},
|
|
"v0.8.3-alpha.4": config.TalosVersion0_8,
|
|
} {
|
|
v, expected := v, expected
|
|
t.Run(v, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
actual, err := config.ParseContractFromVersion(v)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, expected, actual)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestContractCurrent(t *testing.T) {
|
|
contract := config.TalosVersionCurrent
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.False(t, contract.PodSecurityPolicyEnabled())
|
|
assert.True(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.True(t, contract.StableHostnameEnabled())
|
|
assert.True(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.True(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.True(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.True(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.True(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.True(t, contract.APIServerAuditPolicySupported())
|
|
assert.True(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.True(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract1_3(t *testing.T) {
|
|
contract := config.TalosVersion1_3
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.False(t, contract.PodSecurityPolicyEnabled())
|
|
assert.True(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.True(t, contract.StableHostnameEnabled())
|
|
assert.True(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.True(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.True(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.True(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.True(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.True(t, contract.APIServerAuditPolicySupported())
|
|
assert.True(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.True(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract1_2(t *testing.T) {
|
|
contract := config.TalosVersion1_2
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.False(t, contract.PodSecurityPolicyEnabled())
|
|
assert.True(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.True(t, contract.StableHostnameEnabled())
|
|
assert.True(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.True(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.True(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.True(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract1_1(t *testing.T) {
|
|
contract := config.TalosVersion1_1
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.False(t, contract.PodSecurityPolicyEnabled())
|
|
assert.True(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract1_0(t *testing.T) {
|
|
contract := config.TalosVersion1_0
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.False(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_14(t *testing.T) {
|
|
contract := config.TalosVersion0_14
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.True(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_13(t *testing.T) {
|
|
contract := config.TalosVersion0_13
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.True(t, contract.SupportsDynamicCertSANs())
|
|
assert.True(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_12(t *testing.T) {
|
|
contract := config.TalosVersion0_12
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.False(t, contract.SupportsDynamicCertSANs())
|
|
assert.False(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_11(t *testing.T) {
|
|
contract := config.TalosVersion0_11
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.True(t, contract.SupportsRBACFeature())
|
|
assert.False(t, contract.SupportsDynamicCertSANs())
|
|
assert.False(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_10(t *testing.T) {
|
|
contract := config.TalosVersion0_10
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.False(t, contract.SupportsRBACFeature())
|
|
assert.False(t, contract.SupportsDynamicCertSANs())
|
|
assert.False(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_9(t *testing.T) {
|
|
contract := config.TalosVersion0_9
|
|
|
|
assert.True(t, contract.SupportsAggregatorCA())
|
|
assert.True(t, contract.SupportsECDSAKeys())
|
|
assert.True(t, contract.SupportsServiceAccount())
|
|
assert.False(t, contract.SupportsRBACFeature())
|
|
assert.False(t, contract.SupportsDynamicCertSANs())
|
|
assert.False(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|
|
|
|
func TestContract0_8(t *testing.T) {
|
|
contract := config.TalosVersion0_8
|
|
|
|
assert.False(t, contract.SupportsAggregatorCA())
|
|
assert.False(t, contract.SupportsECDSAKeys())
|
|
assert.False(t, contract.SupportsServiceAccount())
|
|
assert.False(t, contract.SupportsRBACFeature())
|
|
assert.False(t, contract.SupportsDynamicCertSANs())
|
|
assert.False(t, contract.SupportsECDSASHA256())
|
|
assert.False(t, contract.ClusterDiscoveryEnabled())
|
|
assert.True(t, contract.PodSecurityPolicyEnabled())
|
|
assert.False(t, contract.PodSecurityAdmissionEnabled())
|
|
assert.False(t, contract.StableHostnameEnabled())
|
|
assert.False(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
|
|
assert.False(t, contract.KubernetesAlternateImageRegistries())
|
|
assert.False(t, contract.KubernetesAllowSchedulingOnControlPlanes())
|
|
assert.False(t, contract.KubernetesDiscoveryBackendDisabled())
|
|
assert.False(t, contract.ApidExtKeyUsageCheckEnabled())
|
|
assert.False(t, contract.APIServerAuditPolicySupported())
|
|
assert.False(t, contract.KubeletManifestsDirectoryDisabled())
|
|
assert.False(t, contract.SecretboxEncryptionSupported())
|
|
}
|